Microsoft on Tuesday rolled out security patches to contain a total of 71 vulnerabilities in Microsoft Windows and other software, including a fix for an actively exploited privilege escalation vulnerability that could be exploited in conjunction with remote code execution bugs to take control over vulnerable systems.
Two of the addressed security flaws are rated Critical, 68 are rated Important, and one is rated Low in severity, with three of the issues listed as publicly known at the time of the release. The four zero-days are as follows —
- CVE-2021-40449 (CVSS score: 7.8) – Win32k Elevation of Privilege Vulnerability
- CVE-2021-41335 (CVSS score: 7.8) – Windows Kernel Elevation of Privilege Vulnerability
- CVE-2021-40469 (CVSS score: 7.2) – Windows DNS Server Remote Code Execution Vulnerability
- CVE-2021-41338 (CVSS score: 5.5) – Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
At the top of the list is CVE-2021-40449, a use-after-free vulnerability in the Win32k kernel driver discovered by Kaspersky as being exploited in the wild in late August and early September 2021 as part of a widespread espionage campaign targeting IT companies, defense…